EMEA InfoSec Surprisingly Strong, EDC Says

Securing information systems against ever-increasing attacks presents a challenge for organizations around the world, and many enterprises are constantly playing catch up when it comes to protecting their IT environments from attack. However, it seems that enterprises in the Europe, Middle East and Africa (EMEA) region are not only catching up, but also gaining ground against the black hats.

The latest EMEA Development Survey from research firm Evans Data Corp. (EDC), which polled approximately 400 developers from the region, shows 47 percent of developers reporting breaches, down nearly 20 percent from the figure registered in the spring of 2004. “In general, our data indicates that security continues to be more robust as scope and layering evolve in both hardware and software arenas,” EDC President John Andrews said. “We see no real change in attacks but are very cautious in reporting this figure since it is extremely difficult to track given the unreliable nature of what companies will and will not report.”

EMEA developers also said there were fewer worm and buffer-overflow attacks. The most common kind of attack is the computer virus, generally delivered through e-mail, which accounted for 22 percent of all breaches reported in the study. Additionally, Web-related attacks like denial of service, site defacement and physical breach, which registered 12 percent, seem to be on the rise despite drops in other categories.

However, the announcement is positive overall, and methodologies that have led to success in EMEA can and should be applied elsewhere. “The situation isn’t unique to EMEA,” Andrews said. “The principles of managing security are consistent across the regions. Social engineering and non-adherence to policy is the major cause for security breaches, followed by lack of qualified personnel, solution complexity and cost are the key areas across all regions that impact ‘security effectiveness’ the greatest.”